Simon McVittie
2afb0dd663
Do not directly enable emailauth by default, only indirectly via openid
...
This avoids nasty surprises on upgrade if a site is using httpauth,
or passwordauth with an account_creation_password, and relying on
only a select group of users being able to edit the site. We can revisit
this for ikiwiki 4.
2015-05-27 08:52:01 +01:00
Simon McVittie
9ab3d2a6be
stop ./gitremotes from processing some broken links
2015-05-27 08:16:31 +01:00
usgv@7608a70b09743e47fbf6b7bcd937121e03e4e244
47d4aa4812
2015-05-26 10:07:14 -04:00
https://id.koumbit.net/anarcat
599e16aef2
openid spam happens, as it turns out
2015-05-25 13:26:03 -04:00
Antoine Beaupré
6dfba9b72e
identified (partly) last spammer
2015-05-25 13:19:29 -04:00
Antoine Beaupré
66c21af8ba
Revert "WU trf, train tickets, ship shop, cvv, complete fullz, dumps"
...
This reverts commit 1d05cf33fb
.
2015-05-25 13:17:56 -04:00
https://me.yahoo.com/a/NyYLSvhuu9XQ3TQ79dx8Peg5GY1VfiNezVI-#df77b
1d05cf33fb
WU trf, train tickets, ship shop, cvv, complete fullz, dumps
2015-05-25 09:06:26 -04:00
spalax
4268a63be5
typo
2015-05-21 12:29:21 -04:00
spalax
9ee5f1626e
Question about python path for external plugins.
2015-05-21 12:28:33 -04:00
Jake1
b385373b69
http://i.imgur.com/0yo0VjC.png?1
2015-05-19 18:27:41 -04:00
Joey Hess
3676ab329d
sohrten url in subject
2015-05-19 17:44:20 -04:00
Joey Hess
ba02e7f33d
nicer layout of subject
2015-05-19 17:41:14 -04:00
Joey Hess
73e32f7fa6
add url to subject of email
...
The wikiname can be pretty un-helpful, the user will probably regognise the
url since they were just at it.
2015-05-19 17:38:15 -04:00
Joey Hess
84efd3e00f
allow emailuser to be called when there is no %config set
...
ikiwiki-hosting needs to do this
2015-05-19 17:06:25 -04:00
Joey Hess
fecfa53988
changelog
2015-05-19 15:35:25 -04:00
Daniel Kahn Gillmor
a5309078ec
make cgiurl output deterministic
...
IkiWiki::cgiurl() currently produces non-deterministic output, because
the params hash can be sorted different ways.
Sorting keys to params before crafting the string should make the
output deterministic.
2015-05-19 15:34:46 -04:00
Amitai Schlair
da0baca91b
Idea: embedded podcast A/V player.
2015-05-17 18:44:30 -04:00
Joey Hess
ab1bba9dab
cloak user PII when making commits etc, and let cloaked PII be used in banned_users
...
This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.
(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)
Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2015-05-14 11:58:21 -04:00
Joey Hess
2a64eea0f5
comments
2015-05-14 11:02:57 -04:00
Joey Hess
85a529db3d
passwordauth: Don't allow registering accounts that look like openids.
...
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
2015-05-14 10:57:56 -04:00
Joey Hess
804144402b
Merge branch 'master' of ssh://git.ikiwiki.info
2015-05-14 10:46:59 -04:00
Joey Hess
dd762222fa
crufty po updates
2015-05-14 10:44:09 -04:00
Joey Hess
f1f3d4c6e7
update re passwordauth @
2015-05-14 10:41:07 -04:00
Joey Hess
4fc4e78cd8
sanitize nickname derived from email address
2015-05-14 10:40:52 -04:00
https://id.koumbit.net/anarcat
7ef44d84d6
acls and expectations
2015-05-14 08:22:29 -04:00
kjs
dd1dceef47
Critical of automatic merging of stylesheets
2015-05-14 08:14:37 -04:00
kjs
71ddaa5adb
2015-05-14 07:06:43 -04:00
smcv
20d8557c7b
please do cloak email addresses, the principle of least astonishment applies
2015-05-14 06:05:58 -04:00
smcv
42b3b1f63a
proposal for making emailauth not force username == email address
2015-05-14 05:49:45 -04:00
Joey Hess
b831d4a6f1
note about email visibility in git commits
2015-05-13 23:44:23 -04:00
Joey Hess
b89f4b7ec5
fix page extension
2015-05-13 23:43:16 -04:00
Joey Hess
369bfd45cc
close
2015-05-13 23:42:34 -04:00
Joey Hess
cfb2c22906
Merge branch 'emailauth'
2015-05-13 23:38:56 -04:00
Joey Hess
bf8b7fe2d1
changelog
2015-05-13 23:38:46 -04:00
Joey Hess
70cf5bb765
don't let emailauth user's email address be changed on preferences page
...
There's no real problem if they do change it, except they may get confused
and expect to be able to log in with the changed email and get the same
user account.
2015-05-13 23:32:29 -04:00
Joey Hess
7a68c4a01c
when an emailauth user posts a comment, use the username only, not the full email address
...
This makes the email not be displayed on the wiki, so spammers won't find
it there.
Note that the full email address is still put into the comment template.
The email is also used as the username of the git commit message
(when posting comments or page edits). May want to revisit this later.
2015-05-13 23:26:22 -04:00
Joey Hess
497513e737
avoid showing password prefs for emailauth user
2015-05-13 23:24:07 -04:00
Joey Hess
22339188e7
allow adminuser to be an email address
2015-05-13 23:07:29 -04:00
Joey Hess
239cd95db7
tweak wording
2015-05-13 23:07:07 -04:00
Joey Hess
a7bd24b7b9
fix up session cookie
2015-05-13 23:06:52 -04:00
Joey Hess
95e1e51caa
emailauth link sent and verified; user login works
...
Still some work to do since the user name is an email address and should
not be leaked.
2015-05-13 22:27:03 -04:00
Joey Hess
f1d77f8193
add emailauth.tmpl
2015-05-13 21:15:08 -04:00
Joey Hess
035c1a2449
move stub auth hook to loginselector
2015-05-13 18:54:13 -04:00
Joey Hess
e34533d1a0
email auth plugin now works through email address entry
2015-05-13 18:50:40 -04:00
Joey Hess
5b459737a5
Converted openid-selector into a more generic loginselector helper plugin.
2015-05-13 18:50:29 -04:00
Joey Hess
f8add0adb3
rename openid selector files to login-selector
2015-05-13 17:58:59 -04:00
Joey Hess
7765941011
further generalization of openid selector
...
Now template variables can be set to control which login methods are shown
2015-05-13 17:51:29 -04:00
Joey Hess
ab4d9a5467
generalized the openid selector to a login selector
...
This includes some CSS changes to names of elements.
Also, added Email login button (doesn't work yet of course),
and brought back the small openid login buttons. Demoted yahoo and verison
to small buttons. This makes the big buttons be the main login types, and
the small buttons be provider-specific helpers.
2015-05-13 16:50:44 -04:00
Joey Hess
ee2905ae0a
comments
2015-05-13 16:49:12 -04:00
https://id.koumbit.net/anarcat
5d49b5c115
link to indieauth and mention existing problems with this approach
2015-05-13 15:49:18 -04:00